Jump to content

Remeber Me???


DeanWhitehouse

Recommended Posts

Well if you have code that outputs HTML data and yet is still required to for the login process, then it is not seperated. Most large programs will keep all code that contains and prints HTML in serperate file and the rest of the code that does the 'thinking' in other files.

Link to comment
Share on other sites

Another problem,

this code

if ($user_level == 1) {
		$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = 	'$_GET[p]'"));

		$userright = array($login_check['user_name'], $login_check['userlevel']);
		$s_userpass = serialize($userpass);

		setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" );
		echo "<meta http-equiv='refresh' content='0; url=$_SERVER[REQUEST_URI]'>";
		$_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files
$_SESSION['username'] = $row['user_name'];
$_SESSION['user_level'] = $row['userlevel'];

	} 
	elseif ($user_level == 2){    
		$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'"));

		$userright = array($login_check['user_name'], $login_check['userlevel']);
		$s_userpass = serialize($userpass);

		setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" );
		echo "<meta http-equiv='refresh' content='0; url=../index.php'>";
		$_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files
$_SESSION['username'] = $row['user_name'];
$_SESSION['user_level'] = $row['userlevel'];
	}
}

how can i stop it reposting the data, as it does store the session, but when it takes you back to the page it reposts the data(which is blank)

Link to comment
Share on other sites

Huh? How can a server-side script cause the browser to repost a form?

 

Does it have anything to do with you useing a meta refresh rather then a 'Location:' header?

 

I would really recommend using header('Location: URL'); rather then a meta refresh.

 

Link to comment
Share on other sites

erm, well, using this code i get the error, not all fields field in, but the session is created for the admin so it has logged in, but resent so thats why the error is showing.

to see for your self,

http://deanwhitehouse.awardspace.co.uk/admin/admin_centre.php

Username:

Blade280891

 

Password:

Natasha

 

case sensitive. The error appears at the top left, and refresh to see the admin centre

 

<?php
require_once '../includes/main.inc.php';
require_once '../includes/db_connect.php';
require_once '../includes/config_table.inc.php';
session_start();



// Only include the header and footers if you have to print errors
function print_error($err_message)
{
require_once '../includes/header.php';
require_once '../includes/footer.php';
require_once '../nav_bar.php';
echo $err_message;
exit;
}

$user_name = $_POST["user_name"];        
$user_password = $_POST["user_password"];    
$verify_username = strlen($user_name);
$verify_pass = strlen($user_password);
if ($verify_pass > 0 && $verify_username > 0)
{
$salt = substr($user_password, 0, 2);
$userPswd = crypt($user_password, $salt);
$sql = "SELECT * FROM `$user` WHERE user_name='$user_name' AND user_password='$userPswd' LIMIT 1;";
$result = mysql_query($sql);
if (mysql_num_rows($result) == 1){
	$row = mysql_fetch_assoc($result);
	$user_level = $row['userlevel'];
	if ($user_level == 1) {
		$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = 	'$_GET[p]'"));

		$userright = array($login_check['user_name'], $login_check['userlevel']);
		$s_userpass = serialize($userpass);

		setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" );
		header("Location:".$_SERVER[REQUEST_URI]);
		$_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files
$_SESSION['username'] = $row['user_name'];
$_SESSION['user_level'] = $row['userlevel'];

	} 
	elseif ($user_level == 2){    
		$login_check = @mysql_fetch_array(mysql_query("SELECT * from `$user` WHERE user_name = '$_GET[u]' AND user_password = '$_GET[p]'"));

		$userright = array($login_check['user_name'], $login_check['userlevel']);
		$s_userpass = serialize($userpass);

		setcookie( "$cookiename" , $s_userpass , time()+$custom_time , "" , "127.0.0.1" );
		echo "<meta http-equiv='refresh' content='0; url=../index.php'>";
		$_SESSION['is_valid'] = true; //change the session variable name to what you want, just remember it for all files
$_SESSION['username'] = $row['user_name'];
$_SESSION['user_level'] = $row['userlevel'];
	}
}
else{
	print_error( 'Login failed. Username and Password did not match database entries.');    
}
}

else
{
print_error( "Form was not completed. Please go back and make sure that the form was fully completed.");    
}


mysql_close();
?> 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.